ELK Stack最新版本测试一安装篇
咱们废话少说,直接切入正题先看版本
filebeat1.0.0-rc2logstash2.0.0-1elasticsearch2.0.0kibana4.2
那么多内容可以简单归结如下:
名词解释
Elasticsearch 存储索引
Kibana UI
Kibana dashboard 可视化思维图
Logstash Input Beats plugin 收集事件
Elasticsearch output plugin 发送事务
Filebeat 日志数据托运人shipper
Topbeat 轻量级服务器监控
Packetbeat 在线网络数据包分析
架构
http://blog.运维网.com/e/u261/themes/default/images/spacer.gifhttp://s3.运维网.com/wyfs02/M01/77/25/wKioL1ZkGpXgW3c5AABIwLsnwAk262.png
一,客户端安装
filebeat架构
http://blog.运维网.com/e/u261/themes/default/images/spacer.gifhttp://s2.运维网.com/wyfs02/M00/77/26/wKiom1ZkGjawaSQOAADiHYMu7rs048.png
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation
nginx日志客户端安装filebeat
安装filebeat
curl-L-O https://download.elastic.co/beats/filebeat/filebeat-1.0.0-rc2-x86_64.rpm
rpm-vi filebeat-1.0.0-rc2-x86_64.rpm
配置filebeat
/etc/filebeat/filebeat.yml
Filebeat configuration:
filebeat:
prospectors:
-
paths:
- "/var/log/*.log"
fields:
type: syslog
output:
elasticsearch:
enabled: true
hosts: ["http://localhost:5043"]
启动filebeat
# curl -XPUT 'http://192.168.0.58:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json
{
"acknowledged" : true
}
topbeat
https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html
curl -L -Ohttps://download.elastic.co/beats/topbeat/topbeat-1.0.0-rc2-x86_64.rpm
rpm -vih topbeat-1.0.0-rc2-x86_64.rpm
packetbeat
https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html
yum install libpcap
curl -L -O https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-rc2-x86_64.rpm
rpm -vi packetbeat-1.0.0-rc2-x86_64.rpm
二,服务器端安装
安装elk
https://www.elastic.co/guide/en/beats/libbeat/1.0.0-rc2/getting-started.html#logstash-setup
既可以分析日志,又可以监控服务器状态,还可以分析http协议等网络数据包。
elasticearch安装
yum install java-1.7.0-openjdk
curl -L -O https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-2.0.0.rpm
rpm -ivh elasticsearch-2.0.0.rpm
配置启动
cat /etc/elasticsearch/elasticsearch.yml|grep -Ev "^$|^#"
path.data: /data
path.logs: /data/elklogs
network.host: 192.168.0.58
chmod elasticsearch:elasticsearch /data/elasticsearch/ -R
chmod elasticsearch:elasticsearch /data/elklogs/ -R
service elasticsearch start
测试elasticearch
# curl http://127.0.0.1:9200
{
"name" : "Redwing",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "2.0.0",
"build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",
"build_timestamp" : "2015-10-22T08:09:48Z",
"build_snapshot" : false,
"lucene_version" : "5.2.1"
},
"tagline" : "You Know, for Search"
}
logstash安装(102.131)
curl-L-O https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.0.0-1.noarch.rpm
rpm -ivh logstash-2.0.0-1.noarch.rpm
logstash配置
cat nginxconf.json
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => "192.168.0.58:9200"
sniffing => true
manage_template => false
index => "%{[@metadata]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata]}"
}
}
kibana安装
curl-L-O https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz
tar xzvf kibana-4.2.0-linux-x64.tar.gz
cd kibana-4.2.0-linux-x64/
./bin/kibana
先修改kibana.yml 可设置端口号,elaticsearch
mvkibana-4.2.0-linux-x64 /var/kibana
nohup /var/kibana/bin/kibana -ehttp://192.168.0.58:9200 &
log Status changed from uninitialized to green - Ready
log Status changed from uninitialized to yellow - Waiting for Elasticsearch
log Status changed from uninitialized to green - Ready
log Status changed from uninitialized to green - Ready
log Status changed from uninitialized to green - Ready
log Status changed from uninitialized to green - Ready
log Status changed from uninitialized to green - Ready
log Status changed from yellow to green - Kibana index ready
log Status changed from uninitialized to green - Ready
log Server running at http://0.0.0.0:5601
kibana dashboard加载
curl-L-O http://download.elastic.co/beats/dashboards/beats-dashboards-1.0.0-rc2.tar.gz
tar xzvf beats-dashboards-1.0.0-rc2.tar.gz
cd beats-dashboards-1.0.0-rc2/
./load.sh
./load.shhttp://192.168.0.58:9200
curl
Loading search Cache-transactions:
{"_index":".kibana","_type":"search","_id":"Cache-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}
Loading search DB-transactions:
{"_index":".kibana","_type":"search","_id":"DB-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}
最后测试索引的命令如下:
curl 192.168.0.58:9200/_cat/indices
yellow open .kibana 1 1 93 069kb69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb
详细配置可以参考配置篇
http://jerrymin.blog.运维网.com/3002256/1720110
页:
[1]